Domino Directory 6.5.2

Content

  1. Domino Directory directory structure
  2. Enable anonymous LDAP for Domino 6.0.x and 6.5.x
  3. Add portal administrators to the Domino Directory
  4. Update the Access Control List of the Domino Directory

Domino Directory directory structure

The following schema is an example for Domino Directory.

IBM recommends that Domino be used as the LDAP server if no existing directory is already in place, especially if you intend to make use of Lotus Collaborative Services.

If a non-Domino directory server is already in place, you can use Domino's Directory Assistance feature to incorporate the existing directory with Domino.

The LDIF files supplied by WebSphere Portal are not intended for use with Domino Directory. LDAP prefixes, such as cn= or uid=, should be entered in lowercase. Uppercase or mixed case might cause problems with subsequent case-sensitive queries of the Member Services and WebSphere Portal databases.

Enable anonymous LDAP for Domino 6.0.x and 6.5.x

You can configure Domino to allow anonymous access for the LDAP users, or you can set up a bind user to LDAP by modifying settings in the CSEnvironment.properties file. Setting this bind user enables authenticated LDAP. The following instructions provide steps that enable anonymous LDAP users.

To configure anonymous access for LDAP users, include all the attributes shown in the following steps, including the attribute HTTP-HostName. Because the attribute HTTP-HostName does not display for the default LDAP schema of Domino 6.x, extend the schema to add the attribute.

The guide, Domino 6 Administering the Domino System, Volume 1 provides details about setting up the LDAP service and methods for extending the schema.

To allow anonymous users to query LDAP, follow these steps:

Step 1: Add the HTTP-HostName attribute to the schema.

  1. Make sure that you have Manager access to the Schema database (SCHEMA.NSF).

  2. Open the Schema database on any server in the domain that runs the LDAP service.

  3. Select the All Schema Documents view, then click New Document - Add Attribute Type.

  4. Complete these fields on the Basics tab:

    LDAP name: Enter HTTP-HostName for the attribute.
    OID: Enter the object identifier: 2.16.840.1.113678.2.2.2.2.461
    Syntax name: Select Directory String.
    Description: (Optional) Enter a description for the attribute.
    Equality match: (Optional) Select a matching rule to apply when the equality operator is used to search for this attribute.
    Ordering match: (Optional) Select a matching rule to apply when an ordering operator is used to search for this attribute.
    Substrings match: (Optional) Select a matching rule to apply when a substring operator is used to search for this attribute.
    Single valued: Choose one:
    • Yes to allow more than one value for the attribute (default)
    • No to allow only one value
    Collective: Choose one:
    • Yes to allow the values for this attribute to be shared
    • No to prevent values from being shared (default)
    No user modification: Choose one:
    • Yes to prevent users from modifying the values
    • No to allow users to modify values (default)

  5. Click Save & Close. A draft document for the HTTP-HostName attribute appears in the Draft Documents - Draft Attribute Types view.

  6. Select the HTTP-HostName draft documents, and click Approve - Approve Selected Drafts.

Step 2: Complete the configuration

  1. Use the Domino Administrator interface to open the Domino Directory, names.nsf, for the server.

  2. Navigate to the view Configuration - Servers.

  3. Highlight Configurations and then open the Configuration Settings document. If a global configuration document does not exist, click Add Configuration to create a new configuration document and display Configuration Settings.

  4. On the Basics tab, for the option Use these settings as the default settings for all servers, click Yes. Selecting Yes causes the LDAP tab to appear for use in the next step.

  5. On the LDAP tab, click the button next to Select Attribute Types to open the LDAP Attribute Type Selection dialog box.

  6. From the Object Classes drop-down list, select *, and then click Display Attributes.

  7. From the Selectable Attribute Types box, select the following fields, and then click Add to add them to the Queriable Attribute Types box.

    AltFullName
    dominoCertificate
    givenName
    HTTP-HostName
    Location
    mail
    MailAddress
    MailDomain
    MailFile
    MailServer
    member
    NetAddresses
    PublicKey
    Sametime
    sn
    uid
    userCertificate

  8. Click OK to close the LDAP Attribute Type Selection dialog box, and return to the Configuration Settings document.

  9. Ensure that the Anonymous users can query field displays the following attributes:

    AltFullName
    dominoCertificate
    givenName
    HTTP-HostName
    Location
    mail
    MailAddress
    MailDomain
    MailFile
    MailServer
    member
    NetAddresses
    PublicKey
    Sametime
    sn
    uid
    userCertificate

  10. For the option Allow LDAP users write access, click Yes. This setting ensures that portal users can use the self-care and self-registration features of WebSphere Portal.

  11. Keep all other default LDAP settings in Configuration Settings.

  12. Click Save and Close to close Configuration Settings.

  13. If you are using an existing user as the portal administrator, go to Update the Access Control List of the Domino Directory. If you are adding a new user to act as the portal administrator, go to Add portal administrators to the Domino Directory.
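As an added check (example code, not from IBM's documentation), the Python below parses the LDIF that an anonymous LDAP search against the server returns, reports any attribute outside the list in step 9, and shows that the wpsadmins group's membership is readable anonymously because member is on that list. The LDIF sample, the httppassword attribute and the DNs in it are constructed for illustration.

```python
# Added example (not IBM's code): audit what an anonymous Domino LDAP search
# returns against the attributes this page lets anonymous users query (step 9).
# Input is LDIF text as an LDAP client prints it; the sample below is constructed.
ANONYMOUS_QUERYABLE = {  # page's list, lowercased (LDAP names are case-insensitive)
    "altfullname", "dominocertificate", "givenname", "http-hostname", "location",
    "mail", "mailaddress", "maildomain", "mailfile", "mailserver", "member",
    "netaddresses", "publickey", "sametime", "sn", "uid", "usercertificate",
}

# Constructed sample result; httppassword models an attribute that should not be there.
SAMPLE_LDIF = """\
dn: CN=wpsbind,O=DominoDomain
uid: wpsbind
http-hostname: portal.example.com
httppassword: (constructed-hash-value)

dn: CN=wpsadmins
member: CN=wpsbind,O=DominoDomain
member: CN=wpsadmin,O=DominoDomain
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})], one tuple per LDIF entry."""
    entries, attrs, dn = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():              # a blank line terminates an entry
            if dn is not None:
                entries.append((dn, attrs))
            attrs, dn = {}, None
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries

def audit(text, allowed=ANONYMOUS_QUERYABLE):
    """Map each DN to the attributes it exposes that are not on the allow-list."""
    findings = {}
    for dn, attrs in parse_ldif(text):
        extra = sorted(a for a in attrs if a not in allowed)
        if extra:
            findings[dn] = extra
    return findings

def group_members(text, group_dn):
    # 'member' is on the allow-list, so group membership is readable anonymously.
    return dict(parse_ldif(text)).get(group_dn, {}).get("member", [])
```

Run audit() on the LDIF from a real anonymous search after step 12 and confirm it returns an empty result; a non-empty result means the Anonymous users can query list differs from the one above.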

Add portal administrators to the Domino Directory

  1. Navigate to the People view of the Domino Directory and, from the action bar, click Add Person.

  2. In the New Person form, enter the following values in the fields shown:

    Last Name: wpsbind
    User name: wpsbind/DominoDomain
               wpsbind
    Short name/UserID: wpsbind
    Internet password: wpsbind

    Make sure that you enter two values in the User name field, where the first value includes the Domino Domain.

  3. Click Save and Close to save the new person record for wpsbind and return to the People view of the Domino Directory.

  4. From the action bar, click Add Person and complete the New Person form to add your portal administrator ID as follows:

    Last name: wpsadmin
    User name: wpsadmin/DominoDomain
               wpsadmin
    Short name/UserID: wpsadmin
    Internet password: wpsadmin

    Make sure that you enter two values in the User Name field, where the first value includes the Domino Domain.

  5. Click Save and Close to save the new person record for the new administrative user and return to the People view of the Domino Directory.

  6. Navigate to the Groups view of the Domino Directory and, from the action bar, click Add Group.

  7. In the New Group form, on the Basics tab, enter the following values in the fields shown to create the portal administrators group wpsadmins and add wpsbind and the portal administrative user to it. You can add additional users to administer the portal, if desired.

    Group name: wpsadmins
    Group type: Multi-purpose
    Members: wpsbind
             wpsadmin

  8. Click Save and Close to save the wpsadmins group.

  9. See Update the Access Control List of the Domino Directory to assign the necessary permissions to the new administrative group and users.

Update the Access Control List of the Domino Directory

Ensure that the administrator group, wpsadmins, has the proper permissions and roles in the Domino Directory.

  1. In the Domino Administrator or in the Lotus Notes client, open the server's Domino Directory (names.nsf), and from the main menu choose File - Database - Access Control to open its Access Control List.

  2. In the Access Control List - Basics, ensure that the portal administrators group wpsadmins has either Author access or Editor access for all roles available.

  3. For the wpsadmins group, add and assign the following Role Types:

    • GroupCreator
    • GroupModifier
    • UserCreator
    • UserModifier

  4. Click OK to save these changes to the Access Control List of the Domino Directory.

  5. Select Exit in the Domino Administrator or Notes client.

Next steps

You have completed this step. Continue to the next step by choosing the following topic:

  1. LDAP user registry
  2. Plan
  3. Install Domino Directory
  4. Set up Domino Directory over SSL
  5. Configure for Domino Directory without realm support
  6. Configure for Domino Directory with realm support
  7. Verifying
  8. Set up LDAP over SSL with Domino Directory
  9. Configure WebSphere Portal for LDAP

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.